General sandbox specs?
tal00r at ecs.soton.ac.uk
Fri Mar 12 16:05:18 EET 2004
On Fri, Mar 12, 2004 at 02:48:58PM +0100, Lars Hallberg wrote:
> This is something I have been wondering about since the birth of User Mode Linux.
> Would it be possible to build a sandbox where it is safe to download and
> run untrusted binaries?
User Mode Linux would be a good place to start. You'll get problems as
soon as you try to share your display with untrusted applications, though,
so you'd basically need to run them in a sub-desktop with Xnest or
something like that:
> * For the sandbox itself, what libs etc. are available. Possibly a
> 'dependency' standard where each package can tell what they need - then
> the underlying distro can be asked if these dependencies exist and
> possibly offer to automatically install them.
For dependencies, you should take a look at (my) zero install stuff. This
will let users/sandboxes access any libraries they want without risking
the rest of the system:
> But the first question is, is it at all possible, and if so, how is it
> best done, and how much effort is needed?
The actual sandboxing is quite easy, but getting trusted and untrusted
apps to integrate well is much harder (drag-and-drop, copy-and-paste,
shared file system, etc).
Thomas Leonard http://rox.sourceforge.net
tal00r at ecs.soton.ac.uk tal197 at users.sourceforge.net
GPG: 9242 9807 C985 3C07 44A6 8B9A AE07 8280 59A5 3CC1
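As an added illustration of the display-sharing point made above (this is not code from the post, the xdg list, or the Zero Install or ROX projects), the script below starts an Xnest sub-desktop on a free display number and runs an untrusted command as a client of that nested server only. The function names, the 1024x768 geometry and the way the free display is found are assumptions made for this example; it assumes Xnest is installed and that your real X server is reachable from the calling shell.

```shell
#!/bin/sh
# Added example, not from the original post: run an untrusted binary on its
# own nested X display so it is a client of Xnest, not of the real X server
# where your trusted applications (and your keystrokes) live.
# Assumes Xnest is installed and the caller's real DISPLAY works.

# Pick a display number not already in use on this machine, by checking the
# Unix socket and lock file an X server creates for display :N.
# Usage: pick_free_display [start]   (prints the number)
pick_free_display() {
    n=${1:-1}
    while [ -e "/tmp/.X11-unix/X$n" ] || [ -e "/tmp/.X$n-lock" ]; do
        n=$((n + 1))
    done
    echo "$n"
}

# The environment the untrusted process gets: only the nested display, and
# an XAUTHORITY that cannot hand it the cookie for the real server.
# Prints NAME=VALUE lines suitable for env(1).
sandbox_env() {
    echo "DISPLAY=:$1"
    echo "XAUTHORITY=/dev/null"
}

# Start Xnest on a free display (as a window on the real display), wait for
# its socket to appear, run the command inside it, then stop the nested server.
# Usage: run_in_xnest cmd [args...]
run_in_xnest() {
    disp=$(pick_free_display)
    Xnest ":$disp" -geometry 1024x768 &
    xnest_pid=$!
    i=0
    while [ ! -e "/tmp/.X11-unix/X$disp" ] && [ "$i" -lt 5 ]; do
        sleep 1
        i=$((i + 1))
    done
    if [ ! -e "/tmp/.X11-unix/X$disp" ]; then
        echo "Xnest :$disp did not come up" >&2
        kill "$xnest_pid" 2>/dev/null
        return 1
    fi
    # env -i drops the caller's environment, including the real DISPLAY, so
    # the untrusted program cannot simply inherit access to the real server.
    env -i $(sandbox_env "$disp") PATH="$PATH" HOME="$HOME" "$@"
    status=$?
    kill "$xnest_pid" 2>/dev/null
    return "$status"
}

# Example use: a terminal that can only see the nested display.
# run_in_xnest xterm
```

Two caveats a practitioner would want. First, this only isolates the X protocol: the untrusted process still runs with your uid and sees your file system, which is why the reply pairs it with User Mode Linux rather than offering it alone. Second, dropping DISPLAY and XAUTHORITY only helps if the real server actually requires the cookie; if it has been opened with `xhost +` or equivalent, the program can still guess `:0` and connect.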